Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/n1aoovYMZxSs0WefrRJiB3jdudI.roa
File:                     n1aoovYMZxSs0WefrRJiB3jdudI.roa (raw, json)
Hash identifier:          q2PjweCwbyJvPPBstb2/ErFFOd9PN++7msnJLhK1PxI=
Subject key identifier:   9F:56:A8:A2:F6:0C:67:14:AC:D1:67:9F:AD:12:62:07:78:DD:B9:D2
Certificate issuer:       /CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
Certificate serial:       019426D93B389F5F065C59C4D3165A7B279F
Authority key identifier: 4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/n1aoovYMZxSs0WefrRJiB3jdudI.roa
Signing time:             Thu 02 Jan 2025 11:49:18 +0000
ROA not before:           Thu 02 Jan 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20874
IP address blocks:        185.111.160.0/24 maxlen: 24
                          185.111.161.0/24 maxlen: 24
                          185.111.162.0/24 maxlen: 24
                          185.111.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:3b:38:9f:5f:06:5c:59:c4:d3:16:5a:7b:27:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
        Validity
            Not Before: Jan  2 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f56a8a2f60c6714acd1679fad12620778ddb9d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:eb:b5:70:23:d5:70:27:13:49:67:89:8e:
                    20:40:ec:19:87:f6:07:b1:90:7e:ce:a8:af:71:fd:
                    d1:d8:35:3f:cd:d7:5e:42:5f:32:3e:f4:1a:cc:88:
                    5d:b0:4f:a1:45:c1:5e:d7:5b:c7:51:d4:31:a6:95:
                    49:16:46:be:42:c2:10:50:6f:9a:e3:82:1f:77:61:
                    54:da:22:55:2d:99:b2:14:22:96:48:e1:7b:b0:32:
                    66:41:5d:5a:51:66:47:c9:66:71:45:25:d6:e6:94:
                    7a:e7:de:71:49:75:e5:bf:00:68:20:12:08:23:a0:
                    f0:90:08:9d:d3:b9:e1:6f:7b:0e:18:b6:05:d2:f1:
                    87:43:3f:16:1f:1d:62:fa:e4:37:57:63:72:18:3e:
                    5d:6d:7b:89:7d:7f:bd:4d:5f:c2:3b:db:f8:dd:10:
                    0b:01:e0:06:cf:1f:38:9f:fd:cb:de:4c:21:15:05:
                    56:5b:4b:b3:b3:c2:ab:93:2a:04:31:b3:9a:31:2b:
                    6c:a7:1d:b7:92:ed:5c:53:b2:5d:b8:d8:6b:0a:02:
                    32:0a:f5:5e:b6:84:72:fe:1b:73:55:a8:96:98:86:
                    a9:15:cd:01:7b:e2:34:40:d2:17:33:75:87:94:69:
                    73:09:38:a5:7b:21:4a:84:56:82:9e:f3:2a:ba:fc:
                    5f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:56:A8:A2:F6:0C:67:14:AC:D1:67:9F:AD:12:62:07:78:DD:B9:D2
            X509v3 Authority Key Identifier:
                keyid:4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/n1aoovYMZxSs0WefrRJiB3jdudI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:94:1c:29:ee:41:e8:d6:d6:75:4c:40:10:aa:99:1e:1e:84:
         b9:c6:c9:40:21:74:98:d5:86:3e:9d:ca:f6:b2:ed:43:39:22:
         53:b8:9f:4b:18:9c:d7:bb:6a:43:5a:1d:87:ab:fe:3a:50:f4:
         f6:d1:b5:4a:5a:65:b8:53:b3:d8:17:42:9a:1e:50:ff:ec:e5:
         06:73:c1:91:1b:7d:a4:93:87:68:50:4f:e8:4b:4f:fc:6c:19:
         02:85:04:dd:95:a8:f7:b8:67:de:db:7a:ff:8f:14:c0:c7:1f:
         8a:bb:79:cd:91:63:4e:e9:3f:ca:52:14:37:3a:53:05:d4:b9:
         a3:e6:64:2b:e3:d4:43:3a:0e:f8:7d:ff:0c:86:d3:44:d8:b6:
         3e:62:9e:70:e2:4f:09:2b:18:4f:c1:33:66:b1:78:cd:b2:d8:
         57:e1:59:79:48:b3:80:75:4b:b8:e4:b0:9f:c7:a1:76:9a:76:
         b3:0b:62:bb:d9:4c:bf:0f:e3:9e:06:52:17:5b:42:48:41:af:
         64:9c:1e:6d:fb:4c:4c:d8:9c:7c:a8:b0:e1:93:fc:f9:0d:80:
         08:de:fb:20:2d:c3:37:f2:85:92:6d:dd:b5:b8:84:72:04:cf:
         3e:2f:a6:b2:51:1c:d9:cc:3e:a2:3b:3a:cd:3c:13:d4:0b:09:
         1e:d4:0a:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Ts4n18GXFnE0xZaeyefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMThhNDRkNTRhNDdhNWVhOTdkZWRmZDVlZDgzNzlkN2Vl
YTAyZDAwHhcNMjUwMTAyMTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjU2YThhMmY2MGM2NzE0YWNkMTY3OWZhZDEyNjIwNzc4ZGRiOWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1LrtXAj1XAnE0lniY4gQOwZh/YH
sZB+zqivcf3R2DU/zddeQl8yPvQazIhdsE+hRcFe11vHUdQxppVJFka+QsIQUG+a
44Ifd2FU2iJVLZmyFCKWSOF7sDJmQV1aUWZHyWZxRSXW5pR6595xSXXlvwBoIBII
I6DwkAid07nhb3sOGLYF0vGHQz8WHx1i+uQ3V2NyGD5dbXuJfX+9TV/CO9v43RAL
AeAGzx84n/3L3kwhFQVWW0uzs8KrkyoEMbOaMStspx23ku1cU7JduNhrCgIyCvVe
toRy/htzVaiWmIapFc0Be+I0QNIXM3WHlGlzCTileyFKhFaCnvMquvxfewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9WqKL2DGcUrNFnn60SYgd43bnSMB8GA1UdIwQY
MBaAFEwYpE1UpHpeqX3t/V7YN51+6gLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQt
ZjIxMzYzMDcxNTkxLzEvbjFhb292WU1aeFNzMFdlZnJSSmlCM2pkdWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQtZjIxMzYzMDcxNTkx
LzEvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBnlBwp7kHo1tZ1TEAQqpkeHoS5xslAIXSY1YY+ncr2
su1DOSJTuJ9LGJzXu2pDWh2Hq/46UPT20bVKWmW4U7PYF0KaHlD/7OUGc8GRG32k
k4doUE/oS0/8bBkChQTdlaj3uGfe23r/jxTAxx+Ku3nNkWNO6T/KUhQ3OlMF1Lmj
5mQr49RDOg74ff8MhtNE2LY+Yp5w4k8JKxhPwTNmsXjNsthX4Vl5SLOAdUu45LCf
x6F2mnazC2K72Uy/D+OeBlIXW0JIQa9knB5t+0xM2Jx8qLDhk/z5DYAI3vsgLcM3
8oWSbd21uIRyBM8+L6ayURzZzD6iOzrNPBPUCwke1AoW
-----END CERTIFICATE-----